The said toolkit, a crimeware kit is known as ZombieM Bot Builder that assists in producing tailored versions of a Trojan malware, which behaves like a botnet client.

Writes Malware Researcher Andrew Brandt from Webroot in a personal blog message, somebody has infiltrated their bot producer's both versions, the old 1.0 and the new 2.0 as also published them on the Net for the benefit of other financially constrained criminals who do not possess Euro 180 to be able to buy them. Brandt explains that by infiltrating the versions one can utilize the program wholly for producing bots as well as handling the botnet even in the absence of a tailored user id and password. Webroot.com reported this during the 2nd week of September 2010.

The infiltrated editions, however, has a hitch: every time one runs them, they as well load Trojan-Backdoor-PoisonIvy onto the end-users' PCs that in the current instance links up with and waits to take commands from a Columbia situated central server.

The researcher continues that the toolkit is a cause for some worry considering the Argentinean gang of hackers, Arhack's claim that the development of the kit is its own creation. States the web-page of the bot, the Trojan can propagate itself through removable media, MSN Messenger, and peer-to-peer file sharing computers as also it can spread like a PC virus across a network.

Nevertheless, in reality, writes Brandt, the script of the Trojan is pretty raw and it's quite simple to develop a not so specialized signature which will identify all wares the toolkit produces.

He adds that it's possible that the majority of AV companies will introduce the same kind of detection routines.

Ultimately, as innocent netizens increasingly surf on the Internet worldwide without any knowledge of the above kind of crimeware toolkits, Webroot recommends that till the time the signatures are developed, users should maintain an anti-virus solution that's updated.